1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to methods and systems for combating phishing.
2. Description of the Background Art
Various online services are available over the Internet. Examples of these online services include online banking, data storage, webmail, and social networks. Generally speaking, an online service may be accessed with appropriate credentials, such as a user identifier (e.g., username, email address, mobile phone number) and a password. An end user may obtain credentials upon creation of an online account with the online service. The online service may maintain a website that serves a webpage for entering credentials, referred to as a “login page.” The login page may include a login form, such as that shown in FIG. 2. A login page may consist solely of the login form, or may include other data.
Unfortunately, the convenience provided by online services attracts not only legitimate end users but fraudsters as well. Fraudsters may gain access to an online account of a victim using a variety of techniques, including “phishing.” Phishing is a kind of social engineering that involves some form of misrepresentation. A fraudster may operate a malicious website or hijack a legitimate website to serve a login phishing page, which is a webpage that mimics the look and feel of a legitimate login page for the purpose of stealing the victim's credentials. The fraudster may direct the victim to the login phishing page by spam email, man-in-the-middle attack, etc. The login phishing page is made to look convincingly real to trick the victim into entering his credentials.